Clearly, someone tried to exploit WordPress using this plugin so that a list of users and passwords would get returned. I don’t know if this vulnerability has been fixed already, I just wanted to make sure it doesn’t go unnoticed in any case.

The request was blocked by Bad Behavior for “URL pattern found on blacklist”; the assault came from China.